How Can Businesses Minimize the Risk Created by IoT While Ensuring Networks Are Secure?
We’re witnessing an explosion of connected things – from printers and air conditioning units to lighting systems and coffee machines – connecting to enterprise networks. This rapid proliferation is leaving networks exposed, with more potential entry points that are vulnerable to attack. Not all stock Internet of Things (IoT) devices are built with security in mind, and many lack basic security protection when operated under default settings, which can be an even bigger problem. As we saw in the Dyn attack of 2016, in which hackers compromised consumer IoT devices with the Mirai botnet to launch a wide-scale DDoS attack, devices with little or no security can have far-reaching implications beyond the security of a single device.
Although low-powered consumer IoT devices such as baby monitors or home surveillance cameras have drawn notice for their lack of security, they also offer little reward for hackers. It’s the more expensive, advanced technology with weak default security that offers more promising targets to malicious actors in search of lucrative access to valuable data or proprietary information – like a suite of smart thermostats scattered throughout an enterprise’s headquarters. This technology needs to be customized to the organization where it is being implemented, which takes time, attention and expertise. For an already burdened security team, the increase in IoT network connections adds another set of concerns to their growing ‘to do’ list.
In addition to the challenges presented by security management, these products and applications continuously generate enormous quantities of data. Accounting for and securing this data presents, more or less, an impossible challenge. As the number of IoT devices grows, leaks will happen, as most enterprises will never have the capabilities to secure each individual device. This, coupled with the broad spectrum of devices and applications connecting to the internet, exacerbates the challenge of keeping business data inside the business, and the bad guys on the outside.
Although IoT is leading to exciting advancements across both consumer and enterprise spaces, its introduction does carry its share of risks. IoT will find its way through the doors and onto the networks of most enterprises sooner or later, forcing consideration of how to ensure adequate protection while taking advantage of technology developments. However, there are steps organizations can take to minimize the explosive risk IoT adoption creates for the enterprise.
● Use the Network for Enforcement. Most organizations will never have the budgets, staff or tools to secure each IoT device. Every device connects to the network and every threat needs a network to infiltrate. So, make the network the new security platform. To adaptively defend the enterprise, turn network components into enforcement points and leverage automation, real-time intelligence and machine learning to detect anomalies and alert the system to block or contain the exploit.
● Build a Smart Security Program. Networks, especially with the rise of IoT, contain an overwhelming amount of data that is rarely harnessed. Security analytics technologies allow an organization to use this continuous flow of data to recognize patterns and prevent malicious actors and known threats from gaining entry. These technologies also help security practitioners identify and alert the network to unidentified anomalous behavior, which may be a precursor to a zero-day or advanced attack taking place.
● Practice Good Security Hygiene. IoT devices should not be able to indiscriminately connect to the entirety of an enterprise’s network, or even a segmented portion. It may seem like common sense to regulate permissions, but when the office coffee machine demands a connection in order to self-clean and the fish tank needs a connection to regulate water temperature, network-connected devices can quickly snowball. Make sure that any IoT device or application connecting to your network meets a baseline set of security criteria, such as a unique password or limited connection that prevents it from accessing other devices that may hold important data.
As businesses search for a competitive edge, IoT is increasingly going to be part of the solution. IoT is here to stay, so the question is: how can businesses minimize the risk created by the technology while ensuring the network is secure? The cost of adding security to each IoT device or network-connected application is too high for most organizations and will never mitigate all threats facing the network.
Every device is connected to the network – therefore, the network contains a wealth of intelligence, like a digital fingerprint. Protecting this intelligence is key to the security of an organization, so the network itself should become a security platform. By utilizing the network for enforcement, building a smart security program and practicing good security hygiene, businesses can minimize both the risk and cost of maintaining IoT.